Most of what has been discussed has concentrated on the Hikvision IP cameras. However there have been some similar vulnerabilities reported in various DVR's.
For an HD analog system, the cameras are not prone to hacking over the network, but the DVR could be an attack point.
If the same company is writing firmware/code for both devices, and at least one of those devices has been shown to be insecure, most security people would think it a reasonable assumption to not trust the other device either.
Ethan did a good report on device security: Network Security For IP Surveillance that covers many of the things you'd want to consider, whether you're securing a camera or a DVR.
So, HD analog cameras are not vulnerable, but you might not want to trust the DVR without doing some basic best-practices.
The first Hikvision hacking incident (at least that I recall) was with DVRs, not cameras. Vulnerable DVRs were turned into bitcoin miners.
They actually closed some security holes in DVR firmware before the camera firmware, quite possibly because cameras weren't really notably hacked (in other words: made very public) until later.
Ethan, correct me if I'm wrong, but I'm under the impression that at this point in time, there is no particular security vulnerability with hikvision that doesn't also exist with any other manufacturer.
My understanding is that hikvision may have even over-secured their hardware since the original vulnerabilities came to light a while back.
I defer to your expertise Ethan.... but this is the impression I'm currently working with. Please correct me if I'm wrong.
Pro Focus LLC | 05/12/16 02:03pm
Let me give you this little bit of perspective; all of their products are capable of being managed by the same software (SADP), so there is likely similarities in their code. If someone were to find an exploit using SADP or iVMS, they could potentially affect any IP connected device. Now, since TVI cameras aren't directly connected to an IP network, the exploit would have to be applied to the DVR.